| Description: | Summary:
The remote host is missing an update for the 'MozillaThunderbird'
package(s) announced via the SUSE-SU-2023:4016-1 advisory.
Vulnerability Insight:
This update for MozillaThunderbird fixes the following issues:
Security fixes: - CVE-2023-5217: Fixed a heap buffer overflow in libvpx.
(bsc#1215814) - CVE-2023-5168: Out-of-bounds write in FilterNodeD2D1.
(bsc#1215575) - CVE-2023-5169: Out-of-bounds write in PathOps. (bsc#1215575) -
CVE-2023-5171: Use-after-free in Ion Compiler. (bsc#1215575) - CVE-2023-5174:
Double-free in process spawning on Windows. (bsc#1215575) - CVE-2023-5176:
Memory safety bugs fixed in Firefox 118, Firefox ESR 115.3, and Thunderbird
115.3. (bsc#1215575)
Other fixes:
* Mozilla Thunderbird 115.3.1
* fixed: In Unified Folders view, some folders had incorrect unified folder
parent (bmo#1852525)
* fixed: 'Edit message as new' did not restore encrypted subject from selected
message (bmo#1788534)
* fixed: Importing some CalDAV calendars with yearly recurrence events caused
Thunderbird to freeze (bmo#1850732)
* fixed: Security fixes MFSA 2023-44 (bsc#1215814)
* CVE-2023-5217 (bmo#1855550) Heap buffer overflow in libvpx
* Mozilla Thunderbird 115.3
* fixed: Thunderbird could not import profiles with hostname ending in dot
('.') (bmo#1825374)
* fixed: Message header was occasionally missing in message preview
(bmo#1840943)
* fixed: Setting an existing folder's type flag did not add descendant folders
to the Unified Folders view (bmo#1848904)
* fixed: Thunderbird did not always delete all temporary mail files, sometimes
preventing messages from being sent (bmo#673703)
* fixed: Status bar in Message Compose window could not be hidden
(bmo#1806860)
* fixed: Message header was intermittently missing from message preview
(bmo#1840943)
* fixed: OAuth2 did not work on some profiles created in Thunderbird 102.6.1
or earlier (bmo#1814823)
* fixed: In Vertical View, decrypted subject lines were displayed as ellipsis
('...') in message list (bmo#1831764)
* fixed: Condensed address preference (mail.showCondensedAddresses) did not
show condensed addresses in message list (bmo#1831280)
* fixed: Spam folder could not be assigned non-ASCII names with IMAP UTF-8
enabled (bmo#1816332)
* fixed: Message header was not displayed until images finished loading,
causing noticeable delay for messages containing large images (bmo#1851871)
* fixed: Large SVG favicons did not display on RSS feeds (bmo#1853895)
* fixed: Context menu items did not display a hover background color
(bmo#1852732)
* fixed: Security fixes MFSA 2023- ...
Description truncated. Please see the references for more information.
Affected Software/OS:
'MozillaThunderbird' package(s) on openSUSE Leap 15.4, openSUSE Leap 15.5.
Solution:
Please install the updated package(s).
CVSS Score:
10.0
CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C
|
